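Abstract: |
Because traditional password authentication is inconvenient, biometric recognition has come to the fore thanks to its convenience, reliability, security and traceability. Among biometric technologies, iris recognition has been shown to offer high recognition performance and stability, and it is often used in fields with high security requirements (such as authentication management in confidential organizations). In these fields, the number of legitimate users is often itself confidential and must not be disclosed. In recent years attacks on iris recognition have also grown more advanced, and an attacker who obtains the user count may be able to infer further information, creating greater security risks. However, existing secure iris recognition schemes only consider revocability, irreversibility and unlinkability, and do not consider protecting the number of users. This paper proposes a secure iris recognition scheme that protects the number of users: the number of templates each user enrolls is determined jointly by the result of a random selection over the user's own iris features and by the system parameters, so that an attacker can hardly infer the number of legitimate users from the number of iris templates stored on the server. The scheme can be combined effectively with existing secure iris recognition schemes. Theoretical analysis shows that the scheme protects the number of legitimate users, protects the number of newly added users, and prevents association attacks, and that, besides preserving the revocability and unlinkability of the original secure iris recognition scheme, it further improves that scheme's irreversibility. Experimental results show that the probability of an attacker guessing the number of legitimate users exactly is below 15%, and that both the relative error and the relative expected error exceed 10%; the scheme therefore protects the number of users effectively, and it does not greatly affect the recognition accuracy of the original secure iris recognition scheme, with a difference within 0.55%. |
Keywords: privacy protection|iris recognition|number of users |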
DOI:10.19363/J.cnki.cn10-1380/tn.2023.05.05 |
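Received: 2022-09-09; revised: 2022-11-07 |
Funding: This work was supported by the National Natural Science Foundation of China (No. 61806151), the Key Research and Development Program of Hubei Province (No. 2022BAA050), the Key Research and Development Program of Hainan Province (No. ZDYF2021GXJS014), and the Natural Science Foundation of Chongqing (No. cstc2021jcyj-msxmX1146, No. CSTC2021JCYJ-MSXMX0002). |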
|
Secure Iris Recognition with the Protection of the Number of Users |
ZHOU Yu, XIANG Jianwen, ZHENG Qianrong, ZHAO Dongdong
School of Computer Science and Artificial Intelligence, Hubei Key Laboratory of Transportation of Internet of Things, Wuhan University of Technology, Wuhan 430070, China; School of Computer Science and Artificial Intelligence, Hubei Key Laboratory of Transportation of Internet of Things, Wuhan University of Technology, Wuhan 430070, China; Chongqing Research Institute, Wuhan University of Technology, Chongqing 401135, China
Abstract: |
Because traditional password authentication methods are inconvenient, biometric identification technology stands out for its convenience, reliability and traceability. Among the different biometric technologies, iris recognition has been proven to provide high recognition performance and stability, and it is often used in areas with high security requirements (e.g., authentication management of confidential organizations). In these fields, the number of users is often confidential and cannot be disclosed. In recent years, attacks on iris recognition have become more sophisticated, and an attacker who obtains the number of users may be able to infer additional information, creating greater security risks. However, the existing secure iris recognition schemes only consider revocability, irreversibility and unlinkability, and do not consider protecting the number of users. In this paper, we propose a secure iris recognition scheme that protects the number of users, in which the number of registration templates for each user is determined jointly by the result of a random selection from the user's own iris feature data and by the system parameters. It is therefore difficult for an attacker to infer the number of legitimate users of the system from the number of iris templates stored on the server. The proposed scheme can be effectively combined with existing secure iris recognition schemes. The theoretical analysis shows that the proposed scheme can protect the number of legitimate users, protect the number of new users, and prevent associated attacks. In addition to maintaining the revocability and unlinkability of the original secure iris recognition scheme, it further improves the irreversibility of that scheme. The experimental results show that the probability of the attacker correctly guessing the number of legitimate users is less than 15%, and the relative error and the relative expected error are more than 10%. Therefore, the proposed scheme can effectively protect the number of users. It also does not have a large impact on the recognition accuracy of the original secure iris recognition scheme; the difference is within 0.55%. |
Key words: privacy protection|iris recognition|the number of users |